def who_has_permission_to(self, perm):
try:
content_type = get_content_type_for_model(self)
id = self.id
users = []
#object = content_type.get_object_for_this_type(id=id)
perm = Action.get_by_name(perm.upper())
adminPerm = Action.get_by_name("ALL")
for u in Permission.objects.filter(content_type=content_type,
negative=False,
object_id=id):
if perm in u.get_valid_actions():
if u.user and u.user not in users:
users.append(u.user)
if u.group:
for user in u.group.members.all():
if user and user not in users:
users.append(user)
if adminPerm in u.get_valid_actions():
if u.user and u.user not in users:
users.append(u.user)
if u.group:
for user in u.group.members.all():
if user and user not in users:
users.append(user)
return users
except Exception, e:
return []
def has_permission_to (self, action_str, object, id=None, any=False):
if isinstance(object, str):
raise Exception(
'Argument 2 in user.has_permission_to was a string; The proper syntax is has_permission_to(action, object)!')
content_type = get_content_type_for_model(object)
object_id = 0
if not isclass(object):
object_id = object.id
action = Action.get_by_name(action_str)
allAction = Action.get_by_name('ALL')
#Checks if the group is permitted
perms = Permission.objects.filter(content_type=content_type,
object_id=object_id,
group=self,
negative=False,
)
for perm in perms:
if action in perm.get_valid_actions():
return True
if allAction in perm.get_valid_actions():
return True
if self.parent:
return self.parent.has_permission_to(action, object, id=id, any=any)
return False
def who_has_permission_to(self, perm):
try:
content_type = get_content_type_for_model(self)
id = self.id
users = []
#object = content_type.get_object_for_this_type(id=id)
perm = Action.get_by_name(perm.upper())
adminPerm = Action.get_by_name("ALL")
for u in Permission.objects.filter(content_type=content_type, negative=False, object_id=id):
if perm in u.get_valid_actions():
if u.user and u.user not in users:
users.append(u.user)
if u.group:
for user in u.group.members.all():
if user and user not in users:
users.append(user)
if adminPerm in u.get_valid_actions():
if u.user and u.user not in users:
users.append(u.user)
if u.group:
for user in u.group.members.all():
if user and user not in users:
users.append(user)
return users
except Exception, e:
return []
def __init__(self, object, *args, **kwargs):
object_id = object.id
content_type = get_content_type_for_model(object)
# If there is no instance, make a fake one!
if not "instance" in kwargs:
kwargs["instance"] = Comment(object_id=object_id, content_type=content_type)
super(CommentForm, self).__init__(*args, **kwargs)
def __init__(self, object, *args, **kwargs):
object_id = object.id
content_type = get_content_type_for_model(object)
# If there is no instance, make a fake one!
if not 'instance' in kwargs:
kwargs['instance'] = Comment(object_id=object_id,
content_type=content_type)
super(CommentForm, self).__init__(*args, **kwargs)
def history(request, id):
instance = get_object_or_404(Order, id=id, deleted=False)
history = Log.objects.filter(content_type=get_content_type_for_model(instance),
object_id=instance.id)
return render(request, 'orders/log.html', {'title': _("Latest events"),
'order': instance,
'logs': history[::-1][0:150]})
def save(self, *args, **kwargs):
if not Core.current_user():
super(PersistentModel, self).save()
return
action = "EDIT"
if not self.id:
action = "ADD"
self.date_created = datetime.now()
self.creator = Core.current_user()
self.company = Core.current_user().get_company()
self.editor = Core.current_user()
self.date_edited = datetime.now()
changes = createTuple(self)
super(PersistentModel, self).save()
#GRANT PERMISSIONS
if action == "ADD":
Core.current_user().grant_role("Admin", self)
admin_group = Core.current_user().get_company_admingroup()
allemployeesgroup = Core.current_user(
).get_company_allemployeesgroup()
if 'no_admin_group_permissions' not in kwargs:
if admin_group:
admin_group.grant_role("Admin", self)
if 'no_allemployee_group_permissions' not in kwargs:
if allemployeesgroup:
allemployeesgroup.grant_role("Member", self)
if 'noLog' not in kwargs:
log = Log(
message=changes,
object_id=self.id,
content_type=get_content_type_for_model(self),
action=action,
)
log.save()
if 'noNotification' not in kwargs:
for us in self.who_has_permission_to('VIEW'):
if us == Core.current_user():
continue
Notification(
recipient=us,
log=log,
).save()
Core.current_user().invalidate_permission_tree()
def history(request, id):
instance = get_object_or_404(Order, id=id, deleted=False)
history = Log.objects.filter(
content_type=get_content_type_for_model(instance),
object_id=instance.id)
return render(
request, 'orders/log.html', {
'title': _("Latest events"),
'order': instance,
'logs': history[::-1][0:150]
})
def save(self, *args, **kwargs):
if not Core.current_user():
super(PersistentModel, self).save()
return
action = "EDIT"
if not self.id:
action = "ADD"
self.date_created = datetime.now()
self.creator = Core.current_user()
self.company = Core.current_user().get_company()
self.editor = Core.current_user()
self.date_edited = datetime.now()
changes = createTuple(self)
super(PersistentModel, self).save()
#GRANT PERMISSIONS
if action == "ADD":
Core.current_user().grant_role("Admin", self)
admin_group = Core.current_user().get_company_admingroup()
allemployeesgroup = Core.current_user().get_company_allemployeesgroup()
if 'no_admin_group_permissions' not in kwargs:
if admin_group:
admin_group.grant_role("Admin", self)
if 'no_allemployee_group_permissions' not in kwargs:
if allemployeesgroup:
allemployeesgroup.grant_role("Member", self)
if 'noLog' not in kwargs:
log = Log(message=changes,
object_id=self.id,
content_type=get_content_type_for_model(self),
action=action,
)
log.save()
if 'noNotification' not in kwargs:
for us in self.who_has_permission_to('VIEW'):
if us == Core.current_user():
continue
Notification(recipient=us,
log=log,
).save()
Core.current_user().invalidate_permission_tree()
def grant_role(self, role, object):
object_id = 0
if not isclass(object):
object_id = object.id
content_type = get_content_type_for_model(object)
act = Role.get_by_name(role)
perm = Permission(role=act,
group=self,
content_type=content_type,
object_id=object_id)
perm.save()
self.invalidate_permission_tree_for_members()
def valid_permission(self, permissions, action, object, id=None, any=False):
if isinstance(object, str):
raise Exception(
'Argument 2 in user.has_permission_to was a string; The proper syntax is has_permission_to(action, object)!')
if Core.current_user().id == 1 and settings.DEBUG == True:
return True
object_id = 0
if not isclass(object):
object_id = object.id
content_type = get_content_type_for_model(object)
try:
permissions[content_type.name][object_id]
except Exception, e:
pass
def grant_role(self, role, object):
object_id = 0
if not isclass(object):
object_id = object.id
content_type = get_content_type_for_model(object)
act = Role.get_by_name(role)
perm = Permission(
role=act,
group=self,
content_type=content_type,
object_id=object_id
)
perm.save()
self.invalidate_permission_tree_for_members()
def grant_permissions (self, actions, object, **kwargs):
from_date = None
to_date = None
negative = False
#Set time limits, if set in func-call
if 'from_date' in kwargs:
from_date = kwargs['from_date']
if 'to_date' in kwargs:
to_date = kwargs['to_date']
#Set negative to negative value in kwargs
if 'negative' in kwargs:
negative = True
#Make it possible to set permissions for classes
object_id = 0
if not isclass(object):
object_id = object.id
#Get info about the object
content_type = get_content_type_for_model(object)
perm = Permission(
group=self,
content_type=content_type,
object_id=object_id,
from_date=from_date,
to_date=to_date,
negative=negative,
)
perm.save()
for p in Action.get_list_by_names(actions):
perm.actions.add(p)
perm.save()
self.invalidate_permission_tree_for_members()
def grant_permissions(self, actions, object, **kwargs):
from_date = None
to_date = None
negative = False
#Set time limits, if set in func-call
if 'from_date' in kwargs:
from_date = kwargs['from_date']
if 'to_date' in kwargs:
to_date = kwargs['to_date']
#Set negative to negative value in kwargs
if 'negative' in kwargs:
negative = True
#Make it possible to set permissions for classes
object_id = 0
if not isclass(object):
object_id = object.id
#Get info about the object
content_type = get_content_type_for_model(object)
perm = Permission(
group=self,
content_type=content_type,
object_id=object_id,
from_date=from_date,
to_date=to_date,
negative=negative,
)
perm.save()
for p in Action.get_list_by_names(actions):
perm.actions.add(p)
perm.save()
self.invalidate_permission_tree_for_members()
def grant_role(self, role, object):
"""
Make it possible to set permissions for classes
"""
object_id = 0
if not isclass(object):
object_id = object.id
content_type = get_content_type_for_model(object)
act = Role.get_by_name(role)
perm = Permission(
role=act,
user=self,
content_type=content_type,
object_id=object_id
)
perm.save()
self.invalidate_permission_tree()
def has_permission_to(self, action_str, object, id=None, any=False):
if isinstance(object, str):
raise Exception(
'Argument 2 in user.has_permission_to was a string; The proper syntax is has_permission_to(action, object)!'
)
content_type = get_content_type_for_model(object)
object_id = 0
if not isclass(object):
object_id = object.id
action = Action.get_by_name(action_str)
allAction = Action.get_by_name('ALL')
#Checks if the group is permitted
perms = Permission.objects.filter(
content_type=content_type,
object_id=object_id,
group=self,
negative=False,
)
for perm in perms:
if action in perm.get_valid_actions():
return True
if allAction in perm.get_valid_actions():
return True
if self.parent:
return self.parent.has_permission_to(action,
object,
id=id,
any=any)
return False
